W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

more minor Digest Auth editorial comments

From: Paul Leach <paulle@microsoft.com>
Date: Tue, 27 Feb 96 17:08:04 PST
To: john@math.nwu.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: red-16-msg960228010111MTP[01.52.00]000000b1-118468
I made these before, but they may have been lost in the incrementing 
discussion.

1. A definition of what is "message-body" in section 2.1 needs to be 
given. Does it include entity-headers, general-headers, 
response-headers (when sent by server) or request-headers (when sent by 
client), as well as the entity-body?

2. In the security considerations section, the rationale for including
client IP in the recommended nonce needs to be given, over just
checking the IP address of a later request containing a nonce against
the IP address to which the nonce was originally given. Is it to
reduce the amount of state that the server needs to hold?

Paul
Received on Tuesday, 27 February 1996 17:06:18 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:47 EDT